CyberLeet Training Manual: Cybersecurity Policies
Added on 2023/06/16
AI Summary
This training manual is designed for information security analysts at CyberLeet Technologies. It covers the principles and practices of cybersecurity policies, including password policies, acceptable use policies, user training policies, and basic user policies. The manual emphasizes the importance of confidentiality, integrity, and availability of information. References are also provided for further reading.
Company Training Manual
Prepared by:
[Student first and last name]
CYBERLEET TRAINING MANUAL
MANUAL OVERVIEW
SECTION 3: CYBERSECURITY POLICIES
3.1 PASSWORD POLICIES
3.2 ACCEPTABLE USE POLICIES
3.3 USER TRAINING POLICIES
3.4 BASIC USER POLICIES
SECTION 5: References
MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides
cybersecurity services to other businesses. CyberLeet’s core customer base is sole
proprietorships and other mom-and-pop shops that are too small to have their own IT
departments and budgets. Generally speaking, your clients have a reasonably high risk
tolerance, and put a premium on the functionality of their IT systems over stringent security
measures. However, you also have clients that must protect highly sensitive information in
order to continue operating successfully. For example, CyberLeet supports a few small
public-accounting firms that need to maintain important tax-related information, as well as
several day-care businesses that must keep children’s health records private while allowing
necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid
growth, which means you can no longer personally provide one-on-one training to every
new information security analyst as they are hired. Therefore, you have decided to create a
training manual that will explain to the current and future cohorts of new hires the essential
principles and practices that they must understand in order to be successful in their role as
information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training
manual. As the training manager, you must complete each section using information you learned in
this course. Refer to the background information on CyberLeet and apply the appropriate
information that best matches based on the size of the company, the value of cybersecurity, and its
core tenets. Apply best practices of cybersecurity principles for addressing the common threat
scenarios of a sole proprietorship. The main sections of the manual you are responsible for
completing are the following:
Introduction
Core tenets of cybersecurity
Developing cybersecurity policies
Threat mitigation scenarios
SECTION 3: Cybersecurity Policies
3.1 Password Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate password policies for their clients? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following aspects:
Password policies are sets of rules designed to enhance customer security by encouraging
users to choose strong passwords and to use them properly. Password policies are a main
part of most organisations’ official regulations and are often taught as part of security
awareness training (Chen, Ramamurthy & Wen, 2012). The things to be considered for
password policies are:
Length and formation of the password. Many policies require passwords of a minimum
length. Both upper- and lower-case letters are used in the password, and the password
may include one or more numeric digits, special characters and more.
Password blacklist. This refers to blocking a list of passwords from being used. The
list is made up of passwords, or combinations of characters, that meet the company’s
policies but are no longer used because they may be considered insecure.
Duration of the password. This refers to changing passwords periodically, for example
in a time span of 60 days or 180 days.
All these criteria must be considered by CyberLeet in order to assure security to the
users of the services CyberLeet provides (Ifinedo, 2014). By following all of the above
steps it becomes very easy to secure the system of CyberLeet.
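The three criteria above, sketched as a checker. This is an added example, not part of the original manual; the minimum length of 12, the sample blacklist entries and all function and field names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
import string


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12      # assumed; the manual states no number
    max_age_days: int = 60    # the manual mentions 60 or 180 days
    # Constructed sample blacklist; a real one would be far longer.
    blacklist: frozenset = frozenset({"password", "welcome", "cyberleet"})


# Undo common character substitutions so "P@ssw0rd" is compared as "password".
_SUBSTITUTIONS = str.maketrans("@4301!$57", "aaeoiisst")


def _normalise(candidate: str) -> str:
    folded = candidate.casefold().translate(_SUBSTITUTIONS)
    return "".join(ch for ch in folded if ch.isalpha())


def check_password(candidate: str, policy: PasswordPolicy) -> list:
    """Return the list of policy violations (empty list means acceptable)."""
    problems = []
    # Criterion 1: length and formation.
    if len(candidate) < policy.min_length:
        problems.append("too_short")
    present = {
        "no_lowercase": any(c.islower() for c in candidate),
        "no_uppercase": any(c.isupper() for c in candidate),
        "no_digit": any(c.isdigit() for c in candidate),
        "no_special": any(c in string.punctuation for c in candidate),
    }
    problems += [name for name, ok in present.items() if not ok]
    # Criterion 2: blacklist. Checked on the normalised form, because a
    # blacklisted word can satisfy every formation rule and still be insecure.
    normalised = _normalise(candidate)
    if any(word in normalised for word in policy.blacklist):
        problems.append("blacklisted")
    return problems


def days_until_change(last_changed: date, today: date,
                      policy: PasswordPolicy) -> int:
    """Criterion 3: days left before rotation is due (negative = overdue)."""
    return policy.max_age_days - (today - last_changed).days


if __name__ == "__main__":
    policy = PasswordPolicy()
    for pw in ("P@ssw0rd2023!", "short1", "Maple-Tundra-47-Orbit"):
        print(pw, check_password(pw, policy))
    print(days_until_change(date(2024, 1, 1), date(2024, 3, 15), policy))
```

The first sample password passes every formation rule and is rejected only by the blacklist check, which is the case the blacklist criterion exists to cover.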
3.2 Acceptable Use Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate acceptable use policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following questions:
An acceptable use policy, or fair use policy, is a set of rules applied by the owner,
creator or administrator of a network, website or service to restrict the ways in which
the network, website or service may be accessed and to set guidelines for how it may be
used (Mergel & Bretschneider, 2013). CyberLeet can use an acceptable use policy to reduce
the potential for legal action taken by a user; such policies are often used with little
prospect of enforcement. Because the acceptable use policy is an integral part of the
information security policy, CyberLeet will ask new members of an organisation to sign it
before they are given any type of access to the organisation’s information system.
CyberLeet should keep the acceptable use policy simple and clear, and should point out
what users are and are not able to access in the organisation’s IT system (Motiwalla &
Thompson, 2012). The sanctions applied for breaking the acceptable use policy should also
be made clear to the users.
3.3 User Training Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate user training policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following:
Users are to be given training on the use of the different cybersecurity policies, and the
cybersecurity policy should be included in the employee agreement to make sure that the
employees of each organisation understand the guidelines. CyberLeet should organise
training sessions for every organisation it serves. A fun way for CyberLeet to find out
whether users are fully aware of the policies, and to test the actions of the users, is to
organise quiz sessions. The training policy should also state that every user is eligible
for training without any discrimination (Vance & Siponen, 2012). Training sessions of
about 30 minutes can be held at regular intervals to find out whether all users are aware
of the cybersecurity policies.
3.4 Basic User Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate basic user policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following questions:
The root and organisation resources are the general resources that make up the structure
of the organisation, and these resources can be controlled. CyberLeet can adopt various
policies to protect organisations from any type of threat (Anderson et al., 2013). These
may include the use of RFID (Radio Frequency Identification) to identify the employees of
a specified organisation. In this process CyberLeet can insert RFID tags or chips in an
employee’s identity card or badge. CyberLeet should also make sure that every employee
wears proper identification tags inside the premises of any organisation, so that no
outsider comes inside the premises without approval from the organisation. There should be
proper verification techniques for visitors, such as photo ID and temporary issue cards,
which will ultimately help in better identification of employees and visitors (Choi, Choi
& Kim, 2014).
SECTION 5: References
Chen, Y., Ramamurthy, K., & Wen, K. W. (2012). Organizations' information security policy
compliance: Stick or carrot approach? Journal of Management Information Systems, 29(3),
157-188.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of
the effects of socialisation, influence, and cognition. Information & Management, 51(1),
69-79.
Vance, A., & Siponen, M. T. (2012). IS security policy violations: a rational choice
perspective. Journal of Organizational and End User Computing (JOEUC), 24(1), 21-41.
Mergel, I., & Bretschneider, S. I. (2013). A three‐stage adoption process for social media use
in government. Public Administration Review, 73(3), 390-400.
Motiwalla, L. F., & Thompson, J. (2012). Enterprise systems for management (p. 245).
Boston, MA: Pearson.
Anderson, A., Huttenlocher, D., Kleinberg, J., & Leskovec, J. (2013, May). Steering user
behavior with badges. In Proceedings of the 22nd international conference on World Wide
Web (pp. 95-106). ACM.
Choi, C., Choi, J., & Kim, P. (2014). Ontology-based access control model for security
policy reasoning in cloud computing. The Journal of Supercomputing, 67(3), 711-722.